From 1d198c660c1259bd1d088f006370a810faf57453 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sat, 10 Aug 2024 18:54:39 +0000
Subject: [PATCH] ext/sockets: controlling ephemeral port ranges on *BSD.

    whether ephemeral ports are onto the privileged low port ranges
     or a range more fit for restricted scenarios.

close GH-15335
---
 NEWS                          |  4 ++++
 UPGRADING                     |  4 ++++
 ext/sockets/sockets.stub.php  | 23 +++++++++++++++++++++++
 ext/sockets/sockets_arginfo.h | 14 +++++++++++++-
 4 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 50e8e89758c..60ef9cf9925 100644
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,10 @@ PHP                                                                        NEWS
     get_defined_functions(). (Girgias)
   . The SOAP_FUNCTIONS_ALL constant is now deprecated. (Girgias)
 
+- Sockets:
+  . Added IP_PORTRANGE* constants for BSD systems to control ephemeral port
+    ranges. (David Carlier)
+
 - SPL:
   . The SplFixedArray::__wakeup() method has been deprecated as it implements
     __serialize() and __unserialize() which need to be overwritten instead.
diff --git a/UPGRADING b/UPGRADING
index 6fc76481112..1cd665b5ec3 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -904,6 +904,10 @@ PHP 8.4 UPGRADE NOTES
   . SO_EXCLBIND (Solaris/Illumos only).
   . SO_NOSIGPIPE (macOs and FreeBSD).
   . SO_LINGER_SEC (macOs only).
+  . IP_PORTRANGE (FreeBSD/NetBSD/OpenBSD only).
+  . IP_PORTRANGE_DEFAULT (FreeBSD/NetBSD/OpenBSD only).
+  . IP_PORTRANGE_HIGH (FreeBSD/NetBSD/OpenBSD only).
+  . IP_PORTRANGE_LOW (FreeBSD/NetBSD/OpenBSD only).
 
 - Sodium:
   . SODIUM_CRYPTO_AEAD_AEGIS128L_KEYBYTES
diff --git a/ext/sockets/sockets.stub.php b/ext/sockets/sockets.stub.php
index 23666057858..f1724359c7d 100644
--- a/ext/sockets/sockets.stub.php
+++ b/ext/sockets/sockets.stub.php
@@ -711,6 +711,29 @@ const IPV6_MULTICAST_LOOP = UNKNOWN;
 const IPV6_V6ONLY = UNKNOWN;
 #endif
 
+#ifdef IP_PORTRANGE
+/**
+ * @var int
+ * @cvalue IP_PORTRANGE
+ */
+const IP_PORTRANGE = UNKNOWN;
+/**
+ * @var int
+ * @cvalue IP_PORTRANGE_DEFAULT
+ */
+const IP_PORTRANGE_DEFAULT = UNKNOWN;
+/**
+ * @var int
+ * @cvalue IP_PORTRANGE_HIGH
+ */
+const IP_PORTRANGE_HIGH = UNKNOWN;
+/**
+ * @var int
+ * @cvalue IP_PORTRANGE_LOW
+ */
+const IP_PORTRANGE_LOW = UNKNOWN;
+#endif
+
 #ifdef EPERM
 /**
  * Operation not permitted
diff --git a/ext/sockets/sockets_arginfo.h b/ext/sockets/sockets_arginfo.h
index e14be3edb27..85e3796b5f2 100644
--- a/ext/sockets/sockets_arginfo.h
+++ b/ext/sockets/sockets_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: e43c00bcb6af1c0a20a92162457883e3a33b4a53 */
+ * Stub hash: 434b5b721d0f89b6113de4331e9044c891b2bb16 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_socket_select, 0, 4, MAY_BE_LONG|MAY_BE_FALSE)
 	ZEND_ARG_TYPE_INFO(1, read, IS_ARRAY, 1)
@@ -602,6 +602,18 @@ static void register_sockets_symbols(int module_number)
 #if defined(IPV6_V6ONLY)
 	REGISTER_LONG_CONSTANT("IPV6_V6ONLY", IPV6_V6ONLY, CONST_PERSISTENT);
 #endif
+#if defined(IP_PORTRANGE)
+	REGISTER_LONG_CONSTANT("IP_PORTRANGE", IP_PORTRANGE, CONST_PERSISTENT);
+#endif
+#if defined(IP_PORTRANGE)
+	REGISTER_LONG_CONSTANT("IP_PORTRANGE_DEFAULT", IP_PORTRANGE_DEFAULT, CONST_PERSISTENT);
+#endif
+#if defined(IP_PORTRANGE)
+	REGISTER_LONG_CONSTANT("IP_PORTRANGE_HIGH", IP_PORTRANGE_HIGH, CONST_PERSISTENT);
+#endif
+#if defined(IP_PORTRANGE)
+	REGISTER_LONG_CONSTANT("IP_PORTRANGE_LOW", IP_PORTRANGE_LOW, CONST_PERSISTENT);
+#endif
 #if defined(EPERM)
 	REGISTER_LONG_CONSTANT("SOCKET_EPERM", EPERM, CONST_PERSISTENT);
 #endif